The general problem is to provide a device capable of transmitting in a secured manner a set of films of high visual quality in an MPEG-4 form directly to a television screen and/or to be recorded on the hard disk of a box linking the remote transmission network to a monitor type screen or television screen, while preserving the audiovisual quality, but preventing fraudulent use such as the possibility of making “pirate” copies of films or audiovisual programs recorded on the hard disk of the decoder box.
With the presently available solutions, it is possible to transmit films and audiovisual programs in digital form via broadcasting networks of the airwaves, cable, satellite, etc. type or via telecommunication networks of the DSL (Digital Subscriber Line) or LRL (Local Radio Loop) type or via DAB networks (Digital Audio Broadcasting). Moreover, in order to prevent the pirating of the works broadcast in this manner, these works are often encrypted by various means known to the expert in the field.
However, the principal drawback of presently available solutions (TiVo Inc., WO 00/165762) is that it is necessary to transmit not only the encrypted data to the users, but also the decryption keys. Transmission of the decryption keys can be implemented before, at the same time as or after the transmission of the audiovisual programs. In order to increase the security and thus the protection of the audiovisual works against ill-intentioned use, the decryption keys as well as the decryption functions of the audiovisual decoders can comprise enhanced security means such as smart cards or other physical keys that can optionally be updated remotely.
Thus, the presently available solutions applied to a decoder box with the possibility of local recording of audiovisual programs in digital form on any kind of support of the hard disk or other type of memory provide the ill-intentioned user with the possibility of making unauthorized copies of the program recorded in this manner, since at a given moment the user possesses with a digital decoder box, optionally associated with smart card systems, all of the information, software programs and data enabling the complete decryption of the audiovisual programs. In fact, because the user has all of the data the ill-intentioned user would have the possibility of making illegal copies without anybody becoming aware of this fraudulent copy at the moment it is made.
One solution would therefore consist of transmitting all or part of a digital audiovisual program solely on demand (on demand video services) via a broad band telecommunication network of the ADSL, cable or satellite type, without authorizing the local recording of the audiovisual programs. WO 00/11871 (Open Entertainment) thus proposes a solution of distribution of multimedia files on request by the user. The drawback is completely different and stems from the performance of these networks which cannot ensure the continuous flow of multiple megabits per second to each user as is required by the MPEG-4 flows which require pass bands of several hundreds of kilobits to multiple megabits per second.
Under these conditions, one solution consists of separating the flow into two parts neither of which can be used on its own. Multiple patents have been filed in this context. WO 99/08428 (Gilles Maton) discloses a multiapplication processing method of a localizable active terminal in which there is implemented at least one link with an identifiable program dedicated to the execution of an application, the program dictating its conditions of exploitation to the terminal for making the functions available. The terminal dialogues punctually by the use of a link with the management center for the implementation, if necessary, of inputs and outputs of the center's capacity, the management center optionally becoming a slave of the terminal at the level of application of the incoming program. WO '428 also discloses a method for identification of the program and terminal in exploitation mode. That method divides the flow into a part serving to identify the user and a part that contains the program itself. In particular, the program is not unusable, but merely locked out by the first part.
In another direction, EP 0778513 (Matsushita) describes a method enabling the prevention of illegal use of an information unit by adding to it a control information unit in order to verify the user's rights. The system makes it possible to permanently know which part of the information unit is used and by which user and thus to know whether or not this user is in an illegal position. That method thus secures the data by adding to it additional information units which distort the initial information.
WO 00/49483 (Netquartz) also provides methods and systems for creating a link between the users and an editor of digitized entities. The method comprises at least one of the following steps: the step of subdividing the digitized entity into two parts; the step of storing one part in memory in a memory zone of a server connected to a computer-based network; the step of transmitting the other part to at least one user having available computer-based equipment; the step of connecting the computer-based equipment to the computer-based network; the step of establishing a functional link between the first part and the second part.
Finally, continuing this approach, U.S. Pat. No. 5,937,164 discloses a solution which consists of separating the flow into two parts, the smaller of which holds an information unit required for the use of the larger part. Nevertheless, that patent is not sufficient for responding to the identified problem. In fact, the suppression of a part of the flow distorts the format of the flow and therefore cannot be recognized as a standard flow that is exploitable with the general software applications. This method of the prior art requires both a specific software program at the server end, for the separation into two parts, and another specific software program to implement not only the reconstruction of the flow but also the acquisition of the principal flow and its exploitation according to a format proprietary to the solution. This proprietary form is not the initial format of the flow prior to its separation into two parts in this known solution.
U.S. Pat. No. 5,892,825 follows on the preceding patent, but in a less broad framework because the flows are always encrypted. U.S. Pat. No. 6,035,239 is based on the same principle and pertains to a method enabling the reading of a CD-ROM or DVD-ROM type disk contingent on the identification of the rights by the insertion of a smart card on which the information units necessary for reading are stored. That method is not sufficient because it does not ensure that the modified flow is of the same format as the original flow. U.S. Pat. No. 6,185,306 pertains to a method for the transmission of encrypted data from a Web site to a requestor computer. However, that method enables the user to have available at a given moment all of the tools required for copying the data.
U.S. Pat. No. 6,233,356 (Haskell Barin Geoffry et al.) discloses a scalability method of the MPEG-4 flows, i.e., the separation of the elements of the MPEG-4 video flow into multiple layers. The first layer, called the base layer, is required for reading the MPEG-4 flow and sufficient for reading it, but with a mediocre quality. The other layers make it possible to improve this quality, but will only be transmitted to the decoder if the transmission means allow it, i.e., if it is capable of transmitting, and the base layer and one or more supplementary layers.
EP 0 920 209 (Thomson Multimedia) discloses a method and a device for the scrambling of digital video data. EP '290 pertains to the change in the I images of an MPEG-2 flow of the DC and AC coefficients in order to protect the flow. The AC coefficients are permuted among each other in the same block by means of an exchange value which will be contained in the flow after the transformation has been implemented. The DC coefficients will be replaced by the coefficients of different values selected by means of a control value which will also be stored in the flow.
WO 01/69354 (Microsoft) discloses a system which protects a digital product (software or content) by breaking it down into at least two flows. This first flow is transmitted to the client's equipment by a physical medium such as a CD-ROM or a DVD. The second flow is transformed so as only to be exploitable by the client station in question, then it is transmitted by the same method or by a telecommunication network to this client station. The station receiving the two flows can modify the first flow as a function of a key transmitted by the server so that the first flow is compatible with the second flow received, and these two flows are recombined together in order to reconstitute a binary flow with substance equivalent to the original flow, but different in terms of configuration, and adequate for the client system. Thus this system ensures that the flow to be transmitted is good for the client device and that it can only be used by said device.
U.S. Pat. No. 6,104,860 (Goto Koicho et al.) discloses an access control system enabling the recording or not of television programs as a function of the authorization given to the user of this method, and validated by a key contained in a smart card. The transmitted television flow contains supplementary information units analyzed by the system and which validates or not the authorization to record. Once recorded, the flow can be replayed but it is again subjected to reading authorization via the access control.
“White Paper on the Secure Digital Music Initiative SDMI” (Rump N et al) discloses a system that consists of adding information to a flow in order to add data concerning the ownership of said flow.